Rpm_package resource try to upgrade instead of to install

I’m trying to install a package but instead of to install the package, the rpm_package resource try to upgrade the rpm even though I’ve set the action to :install. As you can see below, -U option is used, aside from -ivh that I’ve added. Can someone explain why this happen?

---- Begin output of rpm -ivh -U /var/chef/cache/httpd-2.4.29-1.pb.x86_64.rpm ----
STDERR: error: Failed dependencies:
httpd = 0:2.4.29-1.mc is needed by (installed) mod_ssl-1:2.4.29-1.mc.x86_64
---- End output of rpm -ivh -U /var/chef/cache/httpd-2.4.29-1.pb.x86_64.rpm ----
Ran rpm -ivh -U /var/chef/cache/httpd-2.4.29-1.pb.x86_64.rpm returned 1

Resource Declaration:
# In /var/chef/cache/cookbooks/farmWebLayer/recipes/apache.rb

 42: rpm_package 'httpd-2.4.29-1.pb.x86_64' do
 43:   source "#{Chef::Config[:file_cache_path]}/httpd-2.4.29-1.pb.x86_64.rpm"
 44:   action :install
 45:   options "-ivh"
 46: end

Compiled Resource:
# Declared in /var/chef/cache/cookbooks/farmWebLayer/recipes/apache.rb:42:in `from_file'

rpm_package("httpd-2.4.29-1.pb.x86_64") do
  package_name "httpd-2.4.29-1.pb.x86_64"
  action [:install]
  retries 0
  retry_delay 2
  default_guard_interpreter :default
  declared_type :rpm_package
  cookbook_name "farmWebLayer"
  recipe_name "apache"
  source "/var/chef/cache/httpd-2.4.29-1.pb.x86_64.rpm"
  options "-ivh"
  version "2.4.29-1.pb"


rpm -U does the same thing as rpm -i but is safer. From the man pages


rpm {-U|–upgrade} [install-options] PACKAGE_FILE …
This upgrades or installs the package currently installed to a newer version. This is the same as install, except all other version(s) of the package are removed after the new package is installed.

There is almost no reason to use -i. If you use action :install chef will always use -U.

Hi spuder,
I already know that man page, but if rpm has two distinct options for that kind of operation, it has no sense to define the same two different actions (install and upgrade) on the rpm_package resource but doing the same thing.

Thus, the rpm_package action INSTALL shall simply install a package like -i option does in rpm command, while the UPGRADE action shall correspond to the -u option of the rpm command. Otherwise just provide the only ACTION UPGRADE.

But in some scenario, users want to simply install (-i) and do not upgrade (-u).

Two different behaviors of the rpm options should be reflected on rpm_package actions as well. What do you think?


rpm -i is dangerous because it will not replace obsoleted packages. Every install documentation I’ve ever seen for RHEL based packages has recommended using rpm -U.

Consider the mysql install documentation. They warn against using rpm -i and instead recommend using rpm -U


Since rpm -U does the exact same thing as rpm -i, but is safer, the cookbook chooses the safer option.

I know it seems counter intuitive to ‘upgrade’ a package instead of ‘installing’ it. This is something that the rpm developers chose, and is considered best practice.

The only time you want to use -i is when installing a kernel rpm and you want to leave your old kernel in place in case the new kernel will not boot.

OK. I got it that the best practise is to use the -u option. However it can be useful to let the programmer free to choice the best thing/option for the contest in which is operating to.

So every programmer shall use upgrade action when doing these kind of operations but in my opinion the rpm_package action install shall correspond to -i install and not to upgrade, because there is the action upgrade to do that.

What do you think about this?

Best regards

As already stated, there is NO reason to use strictly -i when installing or upgrading, however that is orthogonal to the the install and upgrade actions the resource provides. Chef abstracts these semantics for you, it will do the most right thing for the system. Should you disagree with this for whatever reason, you’re always allowed to ignore the abstraction and use say an execute resource or write your own custom resource that does it exactly like you want do it.

Chef is already doing the right thing and adhering to the correct semantics, the options you’re getting hung up on here aren’t really a problem so much as a perceived one.

In fact I’m using the execute resource to solve the issue. But if there are two actions, install and upgrade, the rpm_package resource shall use “-i” when I select install and “-u” when I select upgrade, otherwise there is no sense to have two equal options. You cannot say that Chef is doing the right thing because usually the common option is -u when a package installation is required but should simply map the rpm options on the resource action avoiding interpretation of the syntax. This is my opinion.